 Network design should be a complete process that matches business needs to available technology to deliver a system that...
 Don’t just start connecting the dots Analyze business and technical goals first Explore divisional and group structure...
Layer 7   ApplicationLayer 6   PresentationLayer 5     SessionLayer 4    TransportLayer 3    NetworkLayer 2    Data LinkLa...
 A focus is placed on understanding data flow, data types,  and processes that access or change the data. A focus is pla...
 SDLC: Does it mean Synchronous Data Link Control  or Systems Development Life Cycle? The latter for the purposes of thi...
Analyze              requirementsMonitor and                      Develop  optimize                       logical  network...
 Phase 1 – Analyze Requirements   Analyze business goals and constraints   Analyze technical goals and tradeoffs   Cha...
 Phase 2 – Logical Network Design   Design a network topology   Design models for addressing and naming   Select switc...
 Phase 3 – Physical Network Design   Select technologies and devices for campus networks   Select technologies and devi...
 Phase 4 – Testing, Optimizing, and Documenting the Network Design   Test the network design   Optimize the network des...
Plan                            Design               RetireOptimize                        Implement           Operate
 Increase revenue Reduce operating costs Improve communications Shorten product development cycle Expand into worldwi...
 Mobility Security Resiliency (fault tolerance) Business continuity after a disaster Network projects must be priorit...
 Budget Staffing Schedule Politics and policies
 Before meeting with the client, whether internal or  external, collect some basic business-related  information Such as...
 Try to get   A concise statement of the goals of the    project      What problem are they trying to solve?      How ...
 What will happen if the project is a failure?   Is this a critical business function?   Is this project visible to upp...
 Discover any biases   For example      Will they only use certain company’s       products?      Do they avoid certai...
 Get a copy of the organization chart    This will show the general structure of the organization    It will suggest us...
 Get a copy of the security policy    How does the policy affect the new design?    How does the new design affect the ...
 Small in scope?   Allow sales people to access network via a VPN Large in scope?   An entire redesign of an enterpris...
 Applications   Now and after the project is completed   Include both productivity applications and system    managemen...
Name of     Type of       New          Criticality   CommentsApplication Application   Application?
 Systematic approach Focus first on business requirements and constraints,  and applications Gain an understanding of t...
 What are the main phases of network design per  the top-down network design approach? What are the main phases of netwo...
Top-Down Network Design            Chapter Two   Analyzing Technical Goals and Tradeoffs
Technical Goals•   Scalability•   Availability•   Performance•   Security•   Manageability•   Usability•   Adaptability•  ...
Scalability• Scalability refers to the ability to grow• Some technologies are more scalable  – Flat network designs, for e...
Availability• Availability can be expressed as a percent  uptime per year, month, week, day, or hour,  compared to the tot...
Availability          Downtime in Minutes          Per Hour   Per Day   Per Week   Per Year99.999%    .0006        .01    ...
99.999% Availability MayRequire Triple Redundancy    ISP 1         ISP 2       ISP 3              Enterprise  • Can the cu...
Availability• Availability can also be expressed as a  mean time between failure (MTBF) and  mean time to repair (MTTR)• A...
Network Performance• Common performance factors include  –   Bandwidth  –   Throughput  –   Bandwidth utilization  –   Off...
Bandwidth Vs. Throughput• Bandwidth and throughput are not the same  thing• Bandwidth is the data carrying capacity of a  ...
Bandwidth, Throughput, Load    100 % of CapacityThr                                              Actualoughput            ...
Other Factors that Affect               Throughput•   The size of packets•   Inter-frame gaps between packets•   Packets-p...
Throughput Vs. Goodput• You need to decide what you mean by  throughput• Are you referring to bytes per second,  regardles...
Performance (continued)• Efficiency  – How much overhead is required to deliver an    amount of data?  – How large can pac...
EfficiencySmall Frames (Less Efficient)Large Frames (More Efficient)
Delay from the User’s Point of            View               • Response Time                 – A function of the          ...
Delay from the Engineer’s Point           of View• Propagation delay  – A signal travels in a cable at about 2/3 the    sp...
Queuing Delay and Bandwidth Utilization     •   Number of packets in a queue increases exponentially as         utilizatio...
Example• A packet switch has 5 users, each offering  packets at a rate of 10 packets per second• The average length of the...
Delay Variation• The amount of time average delay varies  – Also known as jitter• Voice, video, and audio are  intolerant ...
Security• Focus on requirements first• Detailed security planning later (Chapter 8)• Identify network assets  – Including ...
Network Assets•   Hardware•   Software•   Applications•   Data•   Intellectual property•   Trade secrets•   Company’s repu...
Security Risks• Hacked network devices  – Data can be intercepted, analyzed, altered, or    deleted  – User passwords can ...
Manageability•   Performance management•   Fault management•   Configuration management•   Security management•   Accounti...
Usability• Usability: the ease of use with which  network users can access the network and  services• Networks should make...
Adaptability• Avoid incorporating any design elements  that would make it hard to implement new  technologies in the futur...
Affordability• A network should carry the maximum  amount of traffic possible for a given  financial cost• Affordability i...
Network Applications                   Technical RequirementsName of     Cost of    Acceptable   Acceptable   Throughput  ...
Making Tradeoffs• Scalability                20• Availability               30• Network performance        15• Security   ...
Summary• Continue to use a systematic, top-down  approach• Don’t select products until you understand  goals for scalabili...
Review Questions• What are some typical technical goals for  organizations today?• How do bandwidth and throughput differ?...
Top-Down Network Design           Chapter Three   Characterizing the Existing Internetwork
What’s the Starting Point?• According to Abraham Lincoln:  – “If we could first know where we are and    whither we are te...
Where Are We?• Characterize the exiting internetwork in  terms of:  – Its infrastructure       • Logical structure (modula...
Get a Network Map  Medford                                                                                 RoseburgFast Et...
Characterize Addressing and             Naming• IP addressing for major devices, client  networks, server networks, and so...
Discontiguous Subnets                              Area 0                             Network                           19...
Characterize the Wiring and Media•   Single-mode fiber•   Multi-mode fiber•   Shielded twisted pair (STP) copper•   Unshie...
Campus Network Wiring                         Horizontal        Work-Area                          Wiring            Wirin...
Architectural Constraints• Make sure the following are sufficient  –   Air conditioning  –   Heating  –   Ventilation  –  ...
Architectural Constraints• Make sure there’s space for:  –   Cabling conduits  –   Patch panels  –   Equipment racks  –   ...
Issues for Wireless Installations•   Reflection•   Absorption•   Refraction•   Diffraction
Check the Health of the Existing         Internetwork•   Performance•   Availability•   Bandwidth utilization•   Accuracy•...
Characterize Availability                            Date and Duration of   Cause of Last              MTBF   MTTR   Last ...
Network Utilization in Minute                 Intervals                              Network Utilization       16:40:00   ...
Network Utilization in Hour                   Intervals                                      Network Utilization       13:...
Bandwidth Utilization by                    Protocol             Relative      Absolute                  Multicast        ...
Characterize Packet Sizes
Characterize Response Time          Node A   Node B   Node C   Node D            XNode A                    XNode BNode C ...
Check the Status of MajorRouters, Switches, and Firewalls•   show buffers•   show environment•   show interfaces•   show m...
Tools•   Protocol analyzers•   Multi Router Traffic Grapher (MRTG)•   Remote monitoring (RMON) probes•   Cisco Discovery P...
Summary• Characterize the exiting internetwork before  designing enhancements• Helps you verify that a customer’s design  ...
Review Questions• What factors will help you decide if the existing  internetwork is in good enough shape to support new  ...
Top-Down Network Design         Chapter Four     Characterizing Network Traffic
Network Traffic Factors•   Traffic flow•   Location of traffic sources and data stores•   Traffic load•   Traffic behavior...
User CommunitiesUser        Size of      Location(s) of   Application(s)Community   Community    Community        Used byN...
Data StoresData Store   Location   Application(s) Used by User                                       Community(or         ...
Traffic Flow           Destination 1   Destination 2   Destination 3   Destination           MB/sec          MB/sec       ...
Traffic Flow                               Library and Computing Center                                          30 Librar...
Types of Traffic Flow•   Terminal/host•   Client/server•   Thin client•   Peer-to-peer•   Server/server•   Distributed com...
Traffic Flow for Voice over IP• The flow associated with transmitting  the audio voice is separate from the  flows associa...
Network Applications                      Traffic CharacteristicsName of     Type of    Protocol(s)   User           Data ...
Traffic Load• To calculate whether capacity is sufficient,  you should know:  – The number of stations  – The average time...
Size of Objects on Networks•   Terminal screen: 4 Kbytes•   Simple e-mail: 10 Kbytes•   Simple web page: 50 Kbytes•   High...
Traffic Behavior• Broadcasts   – All ones data-link layer destination address       • FF: FF: FF: FF: FF: FF   – Doesn’t n...
Network Efficiency•   Frame size•   Protocol interaction•   Windowing and flow control•   Error-recovery mechanisms
QoS Requirements• ATM service specifications  –   Constant bit rate (CBR)  –   Realtime variable bit rate (rt-VBR)  –   No...
QoS Requirements per IETF• IETF integrated services working group  specifications  – Controlled load service     • Provide...
QoS Requirements per IETF• IETF differentiated services working group  specifications  – RFC 2475  – IP packets can be mar...
Summary• Continue to use a systematic, top-down  approach• Don’t select products until you understand  network traffic in ...
Review Questions• List and describe six different types of traffic flows.• What makes traffic flow in voice over IP networ...
Top-Down Network Design         Chapter Five     Designing a Network Topology
Topology• A branch of mathematics concerned with those  properties of geometric configurations that are  unaltered by elas...
Network Topology Design              Themes•   Hierarchy•   Redundancy•   Modularity•   Well-defined entries and exits•   ...
Why Use a Hierarchical Model?• Reduces workload on network devices     – Avoids devices having to communicate with       t...
Hierarchical Network Design                           Enterprise WAN                              Backbone                ...
Cisco’s Hierarchical Design              Model• A core layer of high-end routers and  switches that are optimized for avai...
Flat Versus Hierarchy                                                        Headquarters in                              ...
Mesh                         DesignsPartial-Mesh Topology                        Full-Mesh Topology
A Partial-Mesh Hierarchical Design                                Headquarters                                (Core Layer)...
A Hub-and-Spoke Hierarchical Topology                           Corporate                          HeadquartersBranch Offi...
Avoid Chains and Backdoors                  Core Layer                    Distribution Layer                              ...
How Do You Know When You    Have a Good Design?• When you already know how to add a new  building, floor, WAN link, remote...
Cisco’s Enterprise Composite            Network Model             Enterprise Campus                                       ...
Campus Topology Design•   Use a hierarchical, modular approach•   Minimize the size of bandwidth domains•   Minimize the s...
Enterprise Campus Modules• Server farm• Network management module• Edge distribution module for connectivity to  the rest ...
A Simple Campus Redundant Design                               Host A   LAN X           Switch 1                     Switc...
Bridges and Switches use Spanning-Tree Protocol (STP) to Avoid Loops                               Host A   LAN X         ...
Bridges (Switches) Running STP• Participate with other bridges in the election of a single  bridge as the Root Bridge.• Ca...
Elect a Root                                                  Lowest Bridge ID                                       Bridg...
Determine Root Ports                                       Bridge A ID =                                 80.00.00.00.0C.AA...
Determine Designated Ports                                                       Bridge A ID =                            ...
Prune Topology into a Tree!                                                 Bridge A ID =                                 ...
React to Changes                                                    Bridge A ID =                                         ...
Scaling the Spanning Tree             Protocol• Keep the switched network small  – It shouldn’t span more than seven switc...
Virtual LANs (VLANs)• An emulation of a standard LAN that allows  data transfer to take place without the  traditional phy...
VLANs versus Real LANs                Switch A                               Switch BStation A1    Station A2   Station A3...
A Switch with VLANs                  VLAN A   Station A1     Station A2       Station A3  Station B1    Station B2     Sta...
VLANs Span Switches                   VLAN A                                        VLAN A   Station A1     Station A2    ...
WLANs and VLANs• A wireless LAN (WLAN) is often  implemented as a VLAN• Facilitates roaming• Users remain in the same VLAN...
Workstation-to-Router         Communication• Proxy ARP (not a good idea)• Listen for route advertisements (not a great  id...
HSRP              Active Router                               Enterprise Internetwork              Virtual RouterWorkstati...
Multihoming the Internet        Connection        ISP 1                           ISP 1   Enterprise              Paris   ...
Security Topologies                          DMZEnterprise                                   Internet Network             ...
Security Topologies                               Internet                                          Firewall          DMZ ...
Summary• Use a systematic, top-down approach• Plan the logical design before the physical  design• Topology design should ...
Review Questions• Why are hierarchy and modularity important for  network designs?• What are the three layers of Cisco’s h...
Top-Down Network Design              Chapter Six  Designing Models for Addressing and Naming
Guidelines for Addressing and             Naming• Use a structured model for addressing and  naming• Assign addresses and ...
Advantages of Structured Models   for Addressing & Naming• It makes it easier to  –   Read network maps  –   Operate netwo...
Public IP Addresses• Managed by the Internet Assigned Numbers  Authority (IANA)• Users are assigned IP addresses by Intern...
Regional Internet Registries               (RIR)• APNIC (Asia Pacific Network Information Centre) –  Asia/Pacific Region• ...
Private Addressing• 10.0.0.0 – 10.255.255.255• 172.16.0.0 – 172.31.255.255• 192.168.0.0 – 192.168.255.255
Criteria for Using Static Vs.        Dynamic Addressing•   The number of end systems•   The likelihood of needing to renum...
The Two Parts of an IP Address                      32 Bits       Prefix                   Host      Prefix Length
Prefix Length• An IP address is accompanied by an  indication of the prefix length  – Subnet mask  – /Length• Examples  – ...
Subnet Mask• 32 bits long• Specifies which part of an IP address is the  network/subnet field and which part is the host f...
Subnet Mask Example• 11111111 11111111 11111111 00000000• What is this in slash notation?• What is this in dotted-decimal ...
Another Subnet Mask Example• 11111111 11111111 11110000 00000000• What is this in slash notation?• What is this in dotted-...
One More Subnet Mask Example• 11111111 11111111 11111000 00000000• What is this in slash notation?• What is this in dotted...
Designing Networks with        Subnets   • Determining subnet size   • Computing subnet mask   • Computing IP addresses
Addresses to Avoid When             Subnetting•   A node address of all ones (broadcast)•   A node address of all zeros (n...
Practice• Network is 172.16.0.0• You want to divide the network into subnets.• You will allow 600 nodes per subnet.• What ...
More Practice• Network is 172.16.0.0• You have eight LANs, each of which will  be its own subnet.• What subnet mask should...
One More• Network is 192.168.55.0• You want to divide the network into subnets.• You will have approximately 25 nodes per ...
IP Address Classes• Classes are now considered obsolete• But you have to learn them because  – Everyone in the industry st...
Classful IP AddressingClass     First           First Byte            Prefix         Intent          Few Bits             ...
Division of the Classful Address              Space   Class   Prefix   Number of Addresses           Length   per Network ...
Classful IP is Wasteful•   Class A uses 50% of address space•   Class B uses 25% of address space•   Class C uses 12.5% of...
Classless Addressing• Prefix/host boundary can be anywhere• Less wasteful• Supports route summarization  – Also known as  ...
Supernetting    172.16.0.0    172.17.0.0    172.18.0.0                            Branch-Office Router    172.19.0.0      ...
172.16.0.0/14 SummarizationSecond Octet in Decimal   Second Octet in Binary16                        0001000017           ...
Discontiguous Subnets                              Area 0                             Network                           19...
A Mobile HostRouter A                                Router B    Subnets 10.108.16.0 -        10.108.31.0                 ...
IPv6 Aggregatable Global       Unicast Address Format3    13      8          24      16                64 bitsFP   TLA   R...
Upgrading to IPv6• Dual stack• Tunneling• Translation
Guidelines for Assigning Names• Names should be  –   Short  –   Meaningful  –   Unambiguous  –   Distinct  –   Case insens...
Domain Name System (DNS)• Maps names to IP addresses• Supports hierarchical naming  – example: frodo.rivendell.middle-eart...
DNS Details• Client/server model• Client is configured with the IP address  of a DNS server  – Manually or DHCP can provid...
DNS Recursion• A DNS server may offer recursion, which allows the  server to ask other servers   – Each server is configur...
Summary• Use a systematic, structured, top-down  approach to addressing and naming• Assign addresses in a hierarchical fas...
Review Questions• Why is it important to use a structured model  for addressing and naming?• When is it appropriate to use...
Top-Down Network Design           Chapter Seven   Selecting Switching and Routing Protocols
Switching and Routing Choices• Switching  –   Layer 2 transparent bridging (switching)  –   Multilayer switching  –   Span...
Selection Criteria for Switching        and Routing Protocols•   Network traffic characteristics•   Bandwidth, memory, and...
Making Decisions• Goals must be established• Many options should be explored• The consequences of the decision should be  ...
Example Decision Table
Transparent Bridging (Switching)             Tasks• Forward frames transparently• Learn which port to use for each MAC  ad...
Switching Table on a Bridge or           Switch       MAC Address       Port     08-00-07-06-41-B9    1     00-00-0C-60-7C...
Cisco Multilayer Switching• Route processor or router• Switching engine• The Multilayer Switching Protocol (MLSP)
Cisco Spanning Tree Protocol           Enhancements•   PortFast•   UplinkFast and Backbone Fast•   Unidirectional link det...
Redundant Uplinks Core Layer                                        X Distribution Layer                 Switch B         ...
Protocols for Transporting       VLAN Information• Inter-Switch Link (ISL)  – Tagging protocol  – Cisco proprietary• IEEE ...
Selecting Routing Protocols• They all have the same general goal:  – To share network reachability information    among ro...
Interior Versus Exterior Routing            Protocols• Interior routing protocols are used within an  autonomous system• E...
Routing Protocol Metrics• Metric: the determining factor used by a routing  algorithm to decide which route to a network i...
Routing Algorithms• Static routing   – Calculated beforehand, offline• Default routing   – “If I don’t recognize the desti...
Static Routing Example                172.16.20.1         172.16.20.2              172.16.40.1       172.16.40.2       Rou...
Default Routing Example                172.16.20.1             172.16.20.2              172.16.40.1        172.16.40.2    ...
Distance-Vector Routing• Router maintains a routing table that lists  known networks, direction (vector) to each  network,...
Distance-Vector Routing Tables  Router A                          Router B  172.16.0.0                                    ...
Link-State Routing• Routers send updates only when there’s a  change• Router that detects change creates a link-state  adv...
Distance-Vector Vs. Link-State• Distance-vector algorithms keep a list of  networks, with next hop and distance (metric)  ...
Choosing Between Distance-     Vector and Link-StateChoose Distance-Vector            Choose Link-State• Simple, flat topo...
Dynamic IP Routing ProtocolsDistance-Vector                  Link-State• Routing Information Protocol   • Open Shortest Pa...
Routing Information Protocol (RIP)• First standard routing protocol developed for TCP/IP  environments   – RIP Version 1 i...
RIP V2 Features• Includes the subnet mask with route updates  – Supports prefix routing (classless routing, supernetting) ...
IGRP Solved Problems with RIP• 15-hop limitation in RIP  – IGRP supports 255 hops• Reliance on just one metric (hop count)...
EIGRP• Adjusts to changes in internetwork very  quickly• Incremental updates contain only changes,  not full routing table...
Open Shortest Path First (OSPF)•   Open standard, defined in RFC 2328•   Adjusts to changes quickly•   Supports very large...
OSPF Metric• A single dimensionless value called cost. A  network administrator assigns an OSPF cost  to each router inter...
OSPF Areas Connected via Area   Border Routers (ABRs)            Area 0 (Backbone)          ABR              ABR          ...
IS-IS• Intermediate System-to-Intermediate  System• Link-state routing protocol• Designed by the ISO for the OSI protocols...
Border Gateway Protocol (BGP)• Allows routers in different autonomous  systems to exchange routing information  – Exterior...
Summary• The selection of switching and routing  protocols should be based on an analysis of  – Goals  – Scalability and p...
Review Questions• What are some options for enhancing the  Spanning Tree Protocol?• What factors will help you decide whet...
Top-Down Network Design           Chapter Eight   Developing Network Security Strategies
Network Security Design      The 12 Step Program1. Identify network assets2. Analyze security risks3. Analyze security req...
The 12 Step Program (continued)7. Develop a technical implementation strategy8. Achieve buy-in from users, managers, and  ...
Network Assets•   Hardware•   Software•   Applications•   Data•   Intellectual property•   Trade secrets•   Company’s repu...
Security Risks• Hacked network devices  – Data can be intercepted, analyzed, altered, or    deleted  – User passwords can ...
Security Tradeoffs• Tradeoffs must be made between security  goals and other goals:  –   Affordability  –   Usability  –  ...
A Security Plan  • High-level document that    proposes what an organization    is going to do to meet security    require...
A Security Policy• Per RFC 2196, “The Site Security  Handbook,” a security policy is a  – “Formal statement of the rules b...
Security Mechanisms•   Physical security•   Authentication•   Authorization•   Accounting (Auditing)•   Data encryption•  ...
Modularizing Security Design• Security defense in depth  – Network security should be multilayered with    many different ...
Modularizing Security Design• Secure all components of a modular design:  –   Internet connections  –   Public servers and...
Cisco’s Enterprise Composite            Network Model             Enterprise Campus                                       ...
Cisco SAFE• Cisco SAFE Blueprint addresses security in  every module of a modular network  architecture.
Securing Internet Connections•   Physical security•   Firewalls and packet filters•   Audit logs, authentication, authoriz...
Securing Public Servers• Place servers in a DMZ that is protected via  firewalls• Run a firewall on the server itself• Ena...
Security Topologies                          DMZEnterprise                                   Internet Network             ...
Security Topologies                               Internet                                          Firewall          DMZ ...
Securing Remote-Access and       Virtual Private Networks•   Physical security•   Firewalls•   Authentication, authorizati...
Securing Network Services• Treat each network device (routers,  switches, and so on) as a high-value host  and harden it a...
Securing Server Farms• Deploy network and host IDSs to monitor  server subnets and individual servers• Configure filters t...
Securing User Services• Specify which applications are allowed to  run on networked PCs in the security policy• Require pe...
Securing Wireless Networks• Place wireless LANs (WLANs) in their own  subnet or VLAN  – Simplifies addressing and makes it...
WLAN Security Options•   Wired Equivalent Privacy (WEP)•   IEEE 802.11i•   Wi-Fi Protected Access (WPA)•   IEEE 802.1X Ext...
Wired Equivalent Privacy (WEP)• Defined by IEEE 802.11• Users must possess the appropriate WEP  key that is also configure...
WEP Alternatives• Vendor enhancements to WEP• Temporal Key Integrity Protocol (TKIP)  – Every frame has a new and unique W...
Extensible Authentication          Protocol (EAP)• With 802.1X and EAP, devices take on one  of three roles:  – The suppli...
EAP (Continued)• An EAP supplicant on the client obtains  credentials from the user, which could be a  user ID and passwor...
Cisco’s Lightweight EAP              (LEAP)• Standard EAP plus mutual authentication  – The user and the access point must...
Other EAPs• EAP-Transport Layer Security (EAP-TLS) was  developed by Microsoft  – Requires certificates for clients and se...
VPN Software on Wireless Clients• Safest way to do wireless networking for  corporations• Wireless client requires VPN sof...
Summary• Use a top-down approach  – Chapter 2 talks about identifying assets and risks    and developing security requirem...
Review Questions• How does a security plan differ from a  security policy?• Why is it important to achieve buy-in from  us...
Top-Down Network Design            Chapter Nine  Developing Network Management Strategies
Network Management• Helps an organization achieve availability,  performance, and security goals• Helps an organization me...
Network Management Design• Consider scalability, traffic patterns, data  formats, cost/benefit tradeoffs• Determine which ...
Proactive Network Management• Plan to check the health of the network  during normal operation, not just when  there are p...
Network Management Processes    According to the ISO•   Performance management•   Fault management•   Configuration manage...
Performance Management• Monitor end-to-end performance• Also monitor component performance  (individual links and devices)...
Fault Management• Detect, isolate, diagnose, and correct  problems• Report status to end users and managers• Track trends ...
Configuration Management• Keep track of network devices and their  configurations• Maintain an inventory of network assets...
Security Management• Maintain and distribute user names and  passwords• Generate, distribute, and store encryption  keys• ...
Accounting Management• Keep track of network usage by  departments or individuals• Facilitate usage-based billing• Find ab...
Network Management Components• A managed device is a network node that  collects and stores management information• An age...
Network Management Architecture                   NMS      Agent        Agent        Agent    Management   Management   Ma...
Architecture Concerns• In-band versus out-of-band monitoring  – In-band is easier to develop, but results in    management...
Simple Network Management       Protocol (SNMP)• Most popular network management  protocol• SNMPv3 should gradually suppla...
Remote Monitoring (RMON)• Developed by the IETF in the early 1990s  to address shortcomings in standard MIBs  – Provides i...
Cisco Tools• Cisco Discovery Protocol• NetFlow Accounting• Service Assurance Agent (SAA)
Summary• Determine which resources to monitor, which  data about these resources to collect, and how  to interpret that da...
Review Questions• Why is network management design  important?• Define the five types of network management  processes acc...
Top-Down Network Design                 Chapter TenSelecting Technologies and Devices for Campus Networks
Selecting Technologies and              Devices• We now know what the network will look like• We also know what capabiliti...
Campus Network Design Steps• Develop a cabling plant  design• Select the types of cabling• Select the data-link-layer  tec...
Cabling Plant Design Considerations• Campus and building cabling topologies• The types and lengths of cables between build...
Centralized Versus Distributed       Cabling Topologies• A centralized cabling scheme terminates  most or all of the cable...
Centralized Campus Cabling                   Building B   Building C   Building DCable BundleBuilding A
Distributed Campus Cabling             Building B   Building C   Building DBuilding A
Types of Media Used in Campus          Networks• Copper media• Optical media• Wireless media
Copper Media Advantages•   Conducts electric current well•   Does not rust•   Can be drawn into thin wires•   Easy to shap...
Copper MediaCoaxial                            Twisted-PairShielded Twisted-Pair (STP)   Unshielded Twisted-Pair (UTP)
Coaxial Cable• Solid copper conductor, surrounded by:  – Flexible plastic insulation  – Braided copper shielding  – Outer ...
Twisted-Pair Cabling• A “twisted pair” consists of two copper  conductors twisted together• Each conductor has plastic ins...
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Top Down Network Design - ebrahma.com
Upcoming SlideShare
Loading in …5
×

Top Down Network Design - ebrahma.com

17,894
-1

Published on

http;//www.ebrahma.com

Published in: Technology
4 Comments
18 Likes
Statistics
Notes
  • downloading is now allowed..
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @Reshma_g Hi, Plz send me an email - ps@ebrahma.com, will surely email it across
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hey Pawan,

    Hi!! Thanks for a great stuff in Network Designing....
    We are currently assigned a case study on Campus area network from top down approach book along with seminar to it.....
    since u have disabled the save as option here....
    it is a bit difficult for us....so please can u enable that option....we have our submissions in next 2 days....or u can guide us to pass on the email id to u so that ucan fwd it.

    Awaiting ur reply ASAP...

    Appreciate ur assistance in this...
    Thanks
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Nice ! i appreciate it your share . if can send to my e-mail hawka5566@hotmail.com thanks. >_
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
17,894
On Slideshare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
546
Comments
4
Likes
18
Embeds 0
No embeds

No notes for slide

Top Down Network Design - ebrahma.com

  1. 1.  Network design should be a complete process that matches business needs to available technology to deliver a system that will maximize an organization’s success  In the LAN area it is more than just buying a few devices  In the WAN area it is more than just calling the phone company
  2. 2.  Don’t just start connecting the dots Analyze business and technical goals first Explore divisional and group structures to find out who the network serves and where they reside Determine what applications will run on the network and how those applications behave on a network Focus on Layer 7 and above first
  3. 3. Layer 7 ApplicationLayer 6 PresentationLayer 5 SessionLayer 4 TransportLayer 3 NetworkLayer 2 Data LinkLayer 1 Physical
  4. 4.  A focus is placed on understanding data flow, data types, and processes that access or change the data. A focus is placed on understanding the location and needs of user communities that access or change data and processes. Several techniques and models can be used to characterize the existing system, new user requirements, and a structure for the future system. A logical model is developed before the physical model.  The logical model represents the basic building blocks, divided by function, and the structure of the system.  The physical model represents devices and specific technologies and implementations.
  5. 5.  SDLC: Does it mean Synchronous Data Link Control or Systems Development Life Cycle? The latter for the purposes of this class! Typical systems are developed and continue to exist over a period of time, often called a systems development life cycle (SDLC)
  6. 6. Analyze requirementsMonitor and Develop optimize logical network designperformance Implement Develop and test physical network design Test, optimize, and document design
  7. 7.  Phase 1 – Analyze Requirements  Analyze business goals and constraints  Analyze technical goals and tradeoffs  Characterize the existing network  Characterize network traffic
  8. 8.  Phase 2 – Logical Network Design  Design a network topology  Design models for addressing and naming  Select switching and routing protocols  Develop network security strategies  Develop network management strategies
  9. 9.  Phase 3 – Physical Network Design  Select technologies and devices for campus networks  Select technologies and devices for enterprise networks
  10. 10.  Phase 4 – Testing, Optimizing, and Documenting the Network Design  Test the network design  Optimize the network design  Document the network design
  11. 11. Plan Design RetireOptimize Implement Operate
  12. 12.  Increase revenue Reduce operating costs Improve communications Shorten product development cycle Expand into worldwide markets Build partnerships with other companies Offer better customer support or new customer services
  13. 13.  Mobility Security Resiliency (fault tolerance) Business continuity after a disaster Network projects must be prioritized based on fiscal goals Networks must offer the low delay required for real- time applications such as VoIP
  14. 14.  Budget Staffing Schedule Politics and policies
  15. 15.  Before meeting with the client, whether internal or external, collect some basic business-related information Such as  Products produced/Services supplied  Financial viability  Customers, suppliers, competitors  Competitive advantage
  16. 16.  Try to get  A concise statement of the goals of the project  What problem are they trying to solve?  How will new technology help them be more successful in their business?  What must happen for the project to succeed?
  17. 17.  What will happen if the project is a failure?  Is this a critical business function?  Is this project visible to upper management?  Who’s on your side?
  18. 18.  Discover any biases  For example  Will they only use certain company’s products?  Do they avoid certain technologies?  Do the data people look down on the voice people or vice versa?  Talk to the technical and management staff
  19. 19.  Get a copy of the organization chart  This will show the general structure of the organization  It will suggest users to account for  It will suggest geographical locations to account for
  20. 20.  Get a copy of the security policy  How does the policy affect the new design?  How does the new design affect the policy?  Is the policy so strict that you (the network designer) won’t be able to do your job? Start cataloging network assets that security should protect  Hardware, software, applications, and data  Less obvious, but still important, intellectual property, trade secrets, and a companys reputation
  21. 21.  Small in scope?  Allow sales people to access network via a VPN Large in scope?  An entire redesign of an enterprise network Use the OSI model to clarify the scope  New financial reporting application versus new routing protocol versus new data link (wireless, for example) Does the scope fit the budget, capabilities of staff and consultants, schedule?
  22. 22.  Applications  Now and after the project is completed  Include both productivity applications and system management applications User communities Data stores Protocols Current logical and physical architecture Current performance
  23. 23. Name of Type of New Criticality CommentsApplication Application Application?
  24. 24.  Systematic approach Focus first on business requirements and constraints, and applications Gain an understanding of the customer’s corporate structure Gain an understanding of the customer’s business style
  25. 25.  What are the main phases of network design per the top-down network design approach? What are the main phases of network design per the PDIOO approach? Why is it important to understand your customer’s business style? What are some typical business goals for organizations today?
  26. 26. Top-Down Network Design Chapter Two Analyzing Technical Goals and Tradeoffs
  27. 27. Technical Goals• Scalability• Availability• Performance• Security• Manageability• Usability• Adaptability• Affordability
  28. 28. Scalability• Scalability refers to the ability to grow• Some technologies are more scalable – Flat network designs, for example, don’t scale well• Try to learn – Number of sites to be added – What will be needed at each of these sites – How many users will be added – How many more servers will be added
  29. 29. Availability• Availability can be expressed as a percent uptime per year, month, week, day, or hour, compared to the total time in that period – For example: • 24/7 operation • Network is up for 165 hours in the 168-hour week • Availability is 98.21%• Different applications may require different levels• Some enterprises may want 99.999% or “Five Nines” availability
  30. 30. Availability Downtime in Minutes Per Hour Per Day Per Week Per Year99.999% .0006 .01 .10 599.98% .012 .29 2 10599.95% .03 .72 5 26399.90% .06 1.44 10 52699.70% .18 4.32 30 1577
  31. 31. 99.999% Availability MayRequire Triple Redundancy ISP 1 ISP 2 ISP 3 Enterprise • Can the customer afford this?
  32. 32. Availability• Availability can also be expressed as a mean time between failure (MTBF) and mean time to repair (MTTR)• Availability = MTBF/(MTBF + MTTR) – For example: • The network should not fail more than once every 4,000 hours (166 days) and it should be fixed within one hour • 4,000/4,001 = 99.98% availability
  33. 33. Network Performance• Common performance factors include – Bandwidth – Throughput – Bandwidth utilization – Offered load – Accuracy – Efficiency – Delay (latency) and delay variation – Response time
  34. 34. Bandwidth Vs. Throughput• Bandwidth and throughput are not the same thing• Bandwidth is the data carrying capacity of a circuit • Usually specified in bits per second• Throughput is the quantity of error free data transmitted per unit of time • Measured in bps, Bps, or packets per second (pps)
  35. 35. Bandwidth, Throughput, Load 100 % of CapacityThr Actualoughput 100 % of Capacity Offered Load
  36. 36. Other Factors that Affect Throughput• The size of packets• Inter-frame gaps between packets• Packets-per-second ratings of devices that forward packets• Client speed (CPU, memory, and HD access speeds)• Server speed (CPU, memory, and HD access speeds)• Network design• Protocols• Distance• Errors• Time of day, etc., etc., etc.
  37. 37. Throughput Vs. Goodput• You need to decide what you mean by throughput• Are you referring to bytes per second, regardless of whether the bytes are user data bytes or packet header bytes – Or are you concerned with application-layer throughput of user bytes, sometimes called “goodput” • In that case, you have to consider that bandwidth is being “wasted” by the headers in every packet
  38. 38. Performance (continued)• Efficiency – How much overhead is required to deliver an amount of data? – How large can packets be? • Larger better for efficiency (and goodput) • But too large means too much data is lost if a packet is damaged • How many packets can be sent in one bunch without an acknowledgment?
  39. 39. EfficiencySmall Frames (Less Efficient)Large Frames (More Efficient)
  40. 40. Delay from the User’s Point of View • Response Time – A function of the application and the equipment the application is running on, not just the network – Most users expect to see something on the screen in 100 to 200 milliseconds
  41. 41. Delay from the Engineer’s Point of View• Propagation delay – A signal travels in a cable at about 2/3 the speed of light in a vacuum• Transmission delay (also known as serialization delay) – Time to put digital data onto a transmission line • For example, it takes about 5 ms to output a 1,024 byte packet on a 1.544 Mbps T1 line• Packet-switching delay• Queuing delay
  42. 42. Queuing Delay and Bandwidth Utilization • Number of packets in a queue increases exponentially as utilization increases
  43. 43. Example• A packet switch has 5 users, each offering packets at a rate of 10 packets per second• The average length of the packets is 1,024 bits• The packet switch needs to transmit this data over a 56-Kbps WAN circuit – Load = 5 x 10 x 1,024 = 51,200 bps – Utilization = 51,200/56,000 = 91.4% – Average number of packets in queue = (0.914)/(1-0.914) = 10.63 packets
  44. 44. Delay Variation• The amount of time average delay varies – Also known as jitter• Voice, video, and audio are intolerant of delay variation• So forget everything we said about maximizing packet sizes – There are always tradeoffs – Efficiency for high-volume applications versus low and non-varying delay for multimedia
  45. 45. Security• Focus on requirements first• Detailed security planning later (Chapter 8)• Identify network assets – Including their value and the expected cost associated with losing them due to a security problem• Analyze security risks
  46. 46. Network Assets• Hardware• Software• Applications• Data• Intellectual property• Trade secrets• Company’s reputation
  47. 47. Security Risks• Hacked network devices – Data can be intercepted, analyzed, altered, or deleted – User passwords can be compromised – Device configurations can be changed• Reconnaissance attacks• Denial-of-service attacks
  48. 48. Manageability• Performance management• Fault management• Configuration management• Security management• Accounting management
  49. 49. Usability• Usability: the ease of use with which network users can access the network and services• Networks should make users’ jobs easier• Some design decisions will have a negative affect on usability: – Strict security, for example
  50. 50. Adaptability• Avoid incorporating any design elements that would make it hard to implement new technologies in the future• Change can come in the form of new protocols, new business practices, new fiscal goals, new legislation• A flexible design can adapt to changing traffic patterns and Quality of Service (QoS) requirements
  51. 51. Affordability• A network should carry the maximum amount of traffic possible for a given financial cost• Affordability is especially important in campus network designs• WANs are expected to cost more, but costs can be reduced with the proper use of technology – Quiet routing protocols, for example
  52. 52. Network Applications Technical RequirementsName of Cost of Acceptable Acceptable Throughput Delay Must be DelayApplication Downtime MTBF MTTR Goal Less Than: Variation Must be Less Than:
  53. 53. Making Tradeoffs• Scalability 20• Availability 30• Network performance 15• Security 5• Manageability 5• Usability 5• Adaptability 5• Affordability 15Total (must add up to 100) 100
  54. 54. Summary• Continue to use a systematic, top-down approach• Don’t select products until you understand goals for scalability, availability, performance, security, manageability, usability, adaptability, and affordability• Tradeoffs are almost always necessary
  55. 55. Review Questions• What are some typical technical goals for organizations today?• How do bandwidth and throughput differ?• How can one improve network efficiency?• What tradeoffs may be necessary in order to improve network efficiency?
  56. 56. Top-Down Network Design Chapter Three Characterizing the Existing Internetwork
  57. 57. What’s the Starting Point?• According to Abraham Lincoln: – “If we could first know where we are and whither we are tending, we could better judge what to do and how to do it.”
  58. 58. Where Are We?• Characterize the exiting internetwork in terms of: – Its infrastructure • Logical structure (modularity, hierarchy, topology) • Physical structure – Addressing and naming – Wiring and media – Architectural and environmental constraints – Health
  59. 59. Get a Network Map Medford RoseburgFast Ethernet Fast Ethernet 50 users 30 users Frame Relay Frame Relay CIR = 56 Kbps CIR = 56 Kbps DLCI = 5 DLCI = 4 Gigabit Grants Pass HQ Ethernet 16 Mbps Grants Pass Token Ring HQ Fast Ethernet 75 users FEP (Front End Processor) IBM Mainframe T1 Web/FTP server Eugene Ethernet T1 Internet 20 users
  60. 60. Characterize Addressing and Naming• IP addressing for major devices, client networks, server networks, and so on• Any addressing oddities, such as discontiguous subnets?• Any strategies for addressing and naming? – For example, sites may be named using airport codes • San Francisco = SFO, Oakland = OAK
  61. 61. Discontiguous Subnets Area 0 Network 192.168.49.0Router A Router B Area 1 Area 2 Subnets 10.108.16.0 - Subnets 10.108.32.0 - 10.108.31.0 10.108.47.0
  62. 62. Characterize the Wiring and Media• Single-mode fiber• Multi-mode fiber• Shielded twisted pair (STP) copper• Unshielded-twisted-pair (UTP) copper• Coaxial cable• Microwave• Laser• Radio• Infra-red
  63. 63. Campus Network Wiring Horizontal Work-Area Wiring Wiring Wallplate Telecommunications Wiring Closet Vertical Wiring(BuildingBackbone) Main Cross-Connect Room Intermediate Cross-Connect Room (or Main Distribution Frame) (or Intermediate Distribution Frame) Campus Building A - Headquarters Backbone Building B
  64. 64. Architectural Constraints• Make sure the following are sufficient – Air conditioning – Heating – Ventilation – Power – Protection from electromagnetic interference – Doors that can lock
  65. 65. Architectural Constraints• Make sure there’s space for: – Cabling conduits – Patch panels – Equipment racks – Work areas for technicians installing and troubleshooting equipment
  66. 66. Issues for Wireless Installations• Reflection• Absorption• Refraction• Diffraction
  67. 67. Check the Health of the Existing Internetwork• Performance• Availability• Bandwidth utilization• Accuracy• Efficiency• Response time• Status of major routers, switches, and firewalls
  68. 68. Characterize Availability Date and Duration of Cause of Last MTBF MTTR Last Major Major Downtime DowntimeEnterpriseSegment 1Segment 2Segment n
  69. 69. Network Utilization in Minute Intervals Network Utilization 16:40:00 16:43:00 16:46:00 16:49:00 16:52:00Time 16:55:00 Series1 16:58:00 17:01:00 17:04:00 17:07:00 17:10:00 0 1 2 3 4 5 6 7 Utilization
  70. 70. Network Utilization in Hour Intervals Network Utilization 13:00:00 14:00:00Time 15:00:00 Series1 16:00:00 17:00:00 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 Utilization
  71. 71. Bandwidth Utilization by Protocol Relative Absolute Multicast Broadcast Network Network Rate Rate Utilization UtilizationProtocol 1Protocol 2Protocol 3Protocol n
  72. 72. Characterize Packet Sizes
  73. 73. Characterize Response Time Node A Node B Node C Node D XNode A XNode BNode C XNode D X
  74. 74. Check the Status of MajorRouters, Switches, and Firewalls• show buffers• show environment• show interfaces• show memory• show processes• show running-config• show version
  75. 75. Tools• Protocol analyzers• Multi Router Traffic Grapher (MRTG)• Remote monitoring (RMON) probes• Cisco Discovery Protocol (CDP)• Cisco IOS NetFlow technology• CiscoWorks• Cisco IOS Service Assurance Agent (SAA)• Cisco Internetwork Performance Monitor (IPM)
  76. 76. Summary• Characterize the exiting internetwork before designing enhancements• Helps you verify that a customer’s design goals are realistic• Helps you locate where new equipment will go• Helps you cover yourself if the new network has problems due to unresolved problems in the old network
  77. 77. Review Questions• What factors will help you decide if the existing internetwork is in good enough shape to support new enhancements?• When considering protocol behavior, what is the difference between relative network utilization and absolute network utilization?• Why should you characterize the logical structure of an internetwork and not just the physical structure?• What architectural and environmental factors should you consider for a new wireless installation?
  78. 78. Top-Down Network Design Chapter Four Characterizing Network Traffic
  79. 79. Network Traffic Factors• Traffic flow• Location of traffic sources and data stores• Traffic load• Traffic behavior• Quality of Service (QoS) requirements
  80. 80. User CommunitiesUser Size of Location(s) of Application(s)Community Community Community Used byName (Number of Community Users)
  81. 81. Data StoresData Store Location Application(s) Used by User Community(or Communities)
  82. 82. Traffic Flow Destination 1 Destination 2 Destination 3 Destination MB/sec MB/sec MB/sec MB/secSource 1Source 2Source 3Source n
  83. 83. Traffic Flow Library and Computing Center 30 Library Patrons (PCs) 10-Mbps Metro Example 30 Macs and 60 PCs in Computing Center Ethernet to Internet Server Farm App 1 108 Kbps App 2 20 Kbps App 2 60 Kbps App 3 96 Kbps App 3 192 Kbps App 4 24 Kbps App 4 48 Kbps App 9 80 Kbps App 7 400 Kbps Total 220 Kbps Total 808 Kbps 50 PCs 25 Macs 50 PCs Administration Arts and App 1 30 Kbps Humanities App 2 20 Kbps App 1 48 Kbps App 3 60 Kbps App 2 32 Kbps App 4 16 Kbps App 3 96 Kbps Total 126 Kbps App 4 24 Kbps App 5 300 Kbps Math and App 6 200 Kbps App 8 1200 Kbps Sciences 30 PCs Total 1900 Kbps 50 PCs Business and Social Sciences
  84. 84. Types of Traffic Flow• Terminal/host• Client/server• Thin client• Peer-to-peer• Server/server• Distributed computing
  85. 85. Traffic Flow for Voice over IP• The flow associated with transmitting the audio voice is separate from the flows associated with call setup and teardown. – The flow for transmitting the digital voice is essentially peer-to-peer. – Call setup and teardown is a client/server flow • A phone needs to talk to a server or phone switch that understands phone numbers, IP addresses, capabilities negotiation, and so on.
  86. 86. Network Applications Traffic CharacteristicsName of Type of Protocol(s) User Data Stores Approximate QoSApplication Traffic Used by Communities (Servers, Hosts, Bandwidth Requirements Flow Application That Use the and so on) Requirements Application
  87. 87. Traffic Load• To calculate whether capacity is sufficient, you should know: – The number of stations – The average time that a station is idle between sending frames – The time required to transmit a message once medium access is gained• That level of detailed information can be hard to gather, however
  88. 88. Size of Objects on Networks• Terminal screen: 4 Kbytes• Simple e-mail: 10 Kbytes• Simple web page: 50 Kbytes• High-quality image: 50,000 Kbytes• Database backup: 1,000,000 Kbytes or more
  89. 89. Traffic Behavior• Broadcasts – All ones data-link layer destination address • FF: FF: FF: FF: FF: FF – Doesn’t necessarily use huge amounts of bandwidth – But does disturb every CPU in the broadcast domain• Multicasts – First bit sent is a one • 01:00:0C:CC:CC:CC (Cisco Discovery Protocol) – Should just disturb NICs that have registered to receive it – Requires multicast routing protocol on internetworks
  90. 90. Network Efficiency• Frame size• Protocol interaction• Windowing and flow control• Error-recovery mechanisms
  91. 91. QoS Requirements• ATM service specifications – Constant bit rate (CBR) – Realtime variable bit rate (rt-VBR) – Non-realtime variable bit rate (nrt-VBR) – Unspecified bit rate (UBR) – Available bit rate (ABR) – Guaranteed frame rate (GFR)
  92. 92. QoS Requirements per IETF• IETF integrated services working group specifications – Controlled load service • Provides client data flow with a QoS closely approximating the QoS that same flow would receive on an unloaded network – Guaranteed service • Provides firm (mathematically provable) bounds on end-to-end packet-queuing delays
  93. 93. QoS Requirements per IETF• IETF differentiated services working group specifications – RFC 2475 – IP packets can be marked with a differentiated services codepoint (DSCP) to influence queuing and packet-dropping decisions for IP datagrams on an output interface of a router
  94. 94. Summary• Continue to use a systematic, top-down approach• Don’t select products until you understand network traffic in terms of: – Flow – Load – Behavior – QoS requirements
  95. 95. Review Questions• List and describe six different types of traffic flows.• What makes traffic flow in voice over IP networks challenging to characterize and plan for?• Why should you be concerned about broadcast traffic?• How do ATM and IETF specifications for QoS differ?
  96. 96. Top-Down Network Design Chapter Five Designing a Network Topology
  97. 97. Topology• A branch of mathematics concerned with those properties of geometric configurations that are unaltered by elastic deformations such as stretching or twisting• A term used in the computer networking field to describe the structure of a network
  98. 98. Network Topology Design Themes• Hierarchy• Redundancy• Modularity• Well-defined entries and exits• Protected perimeters
  99. 99. Why Use a Hierarchical Model?• Reduces workload on network devices – Avoids devices having to communicate with too many other devices (reduces “CPU adjacencies”)• Constrains broadcast domains• Enhances simplicity and understanding• Facilitates changes• Facilitates scaling to a larger size
  100. 100. Hierarchical Network Design Enterprise WAN Backbone Core Layer Campus A Campus B Campus C Distribution Campus C Backbone Layer Access LayerBuilding C-1 Building C-2
  101. 101. Cisco’s Hierarchical Design Model• A core layer of high-end routers and switches that are optimized for availability and speed• A distribution layer of routers and switches that implement policies and segment traffic• An access layer that connects users via hubs, switches, and other devices
  102. 102. Flat Versus Hierarchy Headquarters in MedfordHeadquarters in Grants Pass Medford Branch Office Klamath Falls Ashland Grants Pass Klamath Falls Ashland White City Branch Office Branch Branch Branch Office Branch Branch Office Office Office Office Flat Loop Topology Hierarchical Redundant Topology
  103. 103. Mesh DesignsPartial-Mesh Topology Full-Mesh Topology
  104. 104. A Partial-Mesh Hierarchical Design Headquarters (Core Layer) Regional Offices (Distribution Layer) Branch Offices (Access Layer)
  105. 105. A Hub-and-Spoke Hierarchical Topology Corporate HeadquartersBranch Office Home Office Branch Office
  106. 106. Avoid Chains and Backdoors Core Layer Distribution Layer Access Layer Backdoor Chain
  107. 107. How Do You Know When You Have a Good Design?• When you already know how to add a new building, floor, WAN link, remote site, e- commerce service, and so on• When new additions cause only local change, to the directly-connected devices• When your network can double or triple in size without major design changes• When troubleshooting is easy because there are no complex protocol interactions to wrap your brain around
  108. 108. Cisco’s Enterprise Composite Network Model Enterprise Campus Service Enterprise Edge Building Provider Campus Infrastructure Edge Access E-Commerce ISP A Network BuildingManagement Distribution Edge Internet ISP B Distribution Connectivity Campus PSTN Backbone VPN/ Remote Frame Access Relay, ATM WAN Server Farm
  109. 109. Campus Topology Design• Use a hierarchical, modular approach• Minimize the size of bandwidth domains• Minimize the size of broadcast domains• Provide redundancy – Mirrored servers – Multiple ways for workstations to reach a router for off-net communications
  110. 110. Enterprise Campus Modules• Server farm• Network management module• Edge distribution module for connectivity to the rest of the world• Campus infrastructure module: – Building access submodule – Building distribution submodule – Campus backbone
  111. 111. A Simple Campus Redundant Design Host A LAN X Switch 1 Switch 2 LAN Y Host B
  112. 112. Bridges and Switches use Spanning-Tree Protocol (STP) to Avoid Loops Host A LAN X Switch 1 X Switch 2 LAN Y Host B
  113. 113. Bridges (Switches) Running STP• Participate with other bridges in the election of a single bridge as the Root Bridge.• Calculate the distance of the shortest path to the Root Bridge and choose a port (known as the Root Port) that provides the shortest path to the Root Bridge.• For each LAN segment, elect a Designated Bridge and a Designated Port on that bridge. The Designated Port is a port on the LAN segment that is closest to the Root Bridge. (All ports on the Root Bridge are Designated Ports.)• Select bridge ports to be included in the spanning tree. The ports selected are the Root Ports and Designated Ports. These ports forward traffic. Other ports block traffic.
  114. 114. Elect a Root Lowest Bridge ID Bridge A ID = Wins! 80.00.00.00.0C.AA.AA.AA Root Bridge A Port 1 Port 2 LAN Segment 1 LAN Segment 2100-Mbps Ethernet 100-Mbps Ethernet Cost = 19 Cost = 19 Port 1 Port 1 Bridge B Bridge C Port 2 Port 2 Bridge B ID = Bridge C ID = 80.00.00.00.0C.BB.BB.BB 80.00.00.00.0C.CC.CC.CC LAN Segment 3 100-Mbps Ethernet Cost = 19
  115. 115. Determine Root Ports Bridge A ID = 80.00.00.00.0C.AA.AA.AA Root Bridge A Lowest Cost Wins! Port 1 Port 2 LAN Segment 1 LAN Segment 2100-Mbps Ethernet 100-Mbps Ethernet Cost = 19 Cost = 19 Root Port Root Port Port 1 Port 1 Bridge B Bridge C Port 2 Port 2 Bridge B ID = Bridge C ID = 80.00.00.00.0C.BB.BB.BB 80.00.00.00.0C.CC.CC.CC LAN Segment 3 100-Mbps Ethernet Cost = 19
  116. 116. Determine Designated Ports Bridge A ID = 80.00.00.00.0C.AA.AA.AA Root Bridge A Designated Port Designated Port Port 1 Port 2 LAN Segment 1 LAN Segment 2 100-Mbps Ethernet 100-Mbps Ethernet Cost = 19 Cost = 19 Root Port Root Port Port 1 Port 1 Bridge B Bridge C Port 2 Port 2 Bridge B ID = Bridge C ID = 80.00.00.00.0C.BB.BB.BB 80.00.00.00.0C.CC.CC.CC LAN Segment 3Designated Port 100-Mbps Ethernet Lowest Bridge ID Cost = 19 Wins!
  117. 117. Prune Topology into a Tree! Bridge A ID = 80.00.00.00.0C.AA.AA.AA Root Bridge A Designated Port Designated Port Port 1 Port 2 LAN Segment 1 LAN Segment 2 100-Mbps Ethernet 100-Mbps Ethernet Cost = 19 Cost = 19 Root Port Root Port Port 1 Port 1 Bridge B Bridge C Port 2 Port 2 Bridge B ID = Bridge C ID = X 80.00.00.00.0C.BB.BB.BB 80.00.00.00.0C.CC.CC.CC LAN Segment 3Designated Port Blocked Port 100-Mbps Ethernet Cost = 19
  118. 118. React to Changes Bridge A ID = 80.00.00.00.0C.AA.AA.AA Root Bridge A Designated Port Designated Port Port 1 Port 2 LAN Segment 1 LAN Segment 2 Root Port Root Port Port 1 Port 1 Bridge B Bridge C Port 2 Port 2 Bridge B ID = Bridge C ID = 80.00.00.00.0C.BB.BB.BB 80.00.00.00.0C.CC.CC.CC LAN Segment 3Designated Port Becomes Blocked Port Transitions to Disabled Forwarding State
  119. 119. Scaling the Spanning Tree Protocol• Keep the switched network small – It shouldn’t span more than seven switches• Use BPDU skew detection on Cisco switches• Use IEEE 802.1w – Provides rapid reconfiguration of the spanning tree – Also known as RSTP
  120. 120. Virtual LANs (VLANs)• An emulation of a standard LAN that allows data transfer to take place without the traditional physical restraints placed on a network• A set of devices that belong to an administrative group• Designers use VLANs to constrain broadcast traffic
  121. 121. VLANs versus Real LANs Switch A Switch BStation A1 Station A2 Station A3 Station B1 Station B2 Station B3 Network A Network B
  122. 122. A Switch with VLANs VLAN A Station A1 Station A2 Station A3 Station B1 Station B2 Station B3 VLAN B
  123. 123. VLANs Span Switches VLAN A VLAN A Station A1 Station A2 Station A3 Station A4 Station A5 Station A6 Switch A Switch BStation B1 Station B2 Station B3 Station B4 Station B5 Station B6 VLAN B VLAN B
  124. 124. WLANs and VLANs• A wireless LAN (WLAN) is often implemented as a VLAN• Facilitates roaming• Users remain in the same VLAN and IP subnet as they roam, so there’s no need to change addressing information• Also makes it easier to set up filters (access control lists) to protect the wired network from wireless users
  125. 125. Workstation-to-Router Communication• Proxy ARP (not a good idea)• Listen for route advertisements (not a great idea either)• ICMP router solicitations (not widely used)• Default gateway provided by DHCP (better idea but no redundancy) – Use Hot Standby Router Protocol (HSRP) for redundancy
  126. 126. HSRP Active Router Enterprise Internetwork Virtual RouterWorkstation Standby Router
  127. 127. Multihoming the Internet Connection ISP 1 ISP 1 Enterprise Paris Enterprise NY Option A Option CISP 1 ISP 2 ISP 1 ISP 2 Enterprise Paris Enterprise NY Option B Option D
  128. 128. Security Topologies DMZEnterprise Internet Network Web, File, DNS, Mail Servers
  129. 129. Security Topologies Internet Firewall DMZ Enterprise NetworkWeb, File, DNS, Mail Servers
  130. 130. Summary• Use a systematic, top-down approach• Plan the logical design before the physical design• Topology design should feature hierarchy, redundancy, modularity, and security
  131. 131. Review Questions• Why are hierarchy and modularity important for network designs?• What are the three layers of Cisco’s hierarchical network design?• What are the major components of Cisco’s enterprise composite network model?• What are the advantages and disadvantages of the various options for multihoming an Internet connection?
  132. 132. Top-Down Network Design Chapter Six Designing Models for Addressing and Naming
  133. 133. Guidelines for Addressing and Naming• Use a structured model for addressing and naming• Assign addresses and names hierarchically• Decide in advance if you will use – Central or distributed authority for addressing and naming – Public or private addressing – Static or dynamic addressing and naming
  134. 134. Advantages of Structured Models for Addressing & Naming• It makes it easier to – Read network maps – Operate network management software – Recognize devices in protocol analyzer traces – Meet goals for usability – Design filters on firewalls and routers – Implement route summarization
  135. 135. Public IP Addresses• Managed by the Internet Assigned Numbers Authority (IANA)• Users are assigned IP addresses by Internet service providers (ISPs).• ISPs obtain allocations of IP addresses from their appropriate Regional Internet Registry (RIR)
  136. 136. Regional Internet Registries (RIR)• APNIC (Asia Pacific Network Information Centre) – Asia/Pacific Region• ARIN (American Registry for Internet Numbers) – North America and Sub-Sahara Africa• LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and some Caribbean Islands• RIPE NCC (Réseaux IP Européens) – Europe, the Middle East, Central Asia, and African countries located north of the equator
  137. 137. Private Addressing• 10.0.0.0 – 10.255.255.255• 172.16.0.0 – 172.31.255.255• 192.168.0.0 – 192.168.255.255
  138. 138. Criteria for Using Static Vs. Dynamic Addressing• The number of end systems• The likelihood of needing to renumber• The need for high availability• Security requirements• The importance of tracking addresses• Whether end systems need additional information – (DHCP can provide more than just an address)
  139. 139. The Two Parts of an IP Address 32 Bits Prefix Host Prefix Length
  140. 140. Prefix Length• An IP address is accompanied by an indication of the prefix length – Subnet mask – /Length• Examples – 192.168.10.1 255.255.255.0 – 192.168.10.1/24
  141. 141. Subnet Mask• 32 bits long• Specifies which part of an IP address is the network/subnet field and which part is the host field – The network/subnet portion of the mask is all 1s in binary. – The host portion of the mask is all 0s in binary. – Convert the binary expression back to dotted-decimal notation for entering into configurations.• Alternative – Use slash notation (for example /24) – Specifies the number of 1s
  142. 142. Subnet Mask Example• 11111111 11111111 11111111 00000000• What is this in slash notation?• What is this in dotted-decimal notation?
  143. 143. Another Subnet Mask Example• 11111111 11111111 11110000 00000000• What is this in slash notation?• What is this in dotted-decimal notation?
  144. 144. One More Subnet Mask Example• 11111111 11111111 11111000 00000000• What is this in slash notation?• What is this in dotted-decimal notation?
  145. 145. Designing Networks with Subnets • Determining subnet size • Computing subnet mask • Computing IP addresses
  146. 146. Addresses to Avoid When Subnetting• A node address of all ones (broadcast)• A node address of all zeros (network)• A subnet address of all ones (all subnets)• A subnet address of all zeros (confusing) – Cisco IOS configuration permits a subnet address of all zeros with the ip subnet-zero command
  147. 147. Practice• Network is 172.16.0.0• You want to divide the network into subnets.• You will allow 600 nodes per subnet.• What subnet mask should you use?• What is the address of the first node on the first subnet?• What address would this node use to send to all devices on its subnet?
  148. 148. More Practice• Network is 172.16.0.0• You have eight LANs, each of which will be its own subnet.• What subnet mask should you use?• What is the address of the first node on the first subnet?• What address would this node use to send to all devices on its subnet?
  149. 149. One More• Network is 192.168.55.0• You want to divide the network into subnets.• You will have approximately 25 nodes per subnet.• What subnet mask should you use?• What is the address of the last node on the last subnet?• What address would this node use to send to all devices on its subnet?
  150. 150. IP Address Classes• Classes are now considered obsolete• But you have to learn them because – Everyone in the industry still talks about them! – You may run into a device whose configuration is affected by the classful system
  151. 151. Classful IP AddressingClass First First Byte Prefix Intent Few Bits LengthA 0 1-126* 8 Very large networksB 10 128-191 16 Large networksC 110 192-223 24 Small networksD 1110 224-239 NA IP multicastE 1111 240-255 NA Experimental*Addresses starting with 127 are reserved for IP traffic local to a host.
  152. 152. Division of the Classful Address Space Class Prefix Number of Addresses Length per Network A 8 224-2 = 16,777,214 B 16 216-2 = 65,534 C 24 28-2 = 254
  153. 153. Classful IP is Wasteful• Class A uses 50% of address space• Class B uses 25% of address space• Class C uses 12.5% of address space• Class D and E use 12.5% of address space
  154. 154. Classless Addressing• Prefix/host boundary can be anywhere• Less wasteful• Supports route summarization – Also known as • Aggregation • Supernetting • Classless routing • Classless inter-domain routing (CIDR) • Prefix routing
  155. 155. Supernetting 172.16.0.0 172.17.0.0 172.18.0.0 Branch-Office Router 172.19.0.0 Enterprise CoreBranch-Office Networks Network • Move prefix boundary to the left • Branch office advertises 172.16.0.0/14
  156. 156. 172.16.0.0/14 SummarizationSecond Octet in Decimal Second Octet in Binary16 0001000017 0001000118 0001001019 00010011
  157. 157. Discontiguous Subnets Area 0 Network 192.168.49.0Router A Router B Area 1 Area 2 Subnets 10.108.16.0 - Subnets 10.108.32.0 - 10.108.31.0 10.108.47.0
  158. 158. A Mobile HostRouter A Router B Subnets 10.108.16.0 - 10.108.31.0 Host 10.108.16.1
  159. 159. IPv6 Aggregatable Global Unicast Address Format3 13 8 24 16 64 bitsFP TLA RES NLA SLA Interface ID ID ID ID Site Public topology Topology • FP Format Prefix (001) • TLA ID Top-Level Aggregation Identifier • RES Reserved for future use • NLA ID Next-Level Aggregation Identifier • SLA ID Site-Level Aggregation Identifier • Interface ID Interface Identifier
  160. 160. Upgrading to IPv6• Dual stack• Tunneling• Translation
  161. 161. Guidelines for Assigning Names• Names should be – Short – Meaningful – Unambiguous – Distinct – Case insensitive• Avoid names with unusual characters – Hyphens, underscores, asterisks, and so on
  162. 162. Domain Name System (DNS)• Maps names to IP addresses• Supports hierarchical naming – example: frodo.rivendell.middle-earth.com• A DNS server has a database of resource records (RRs) that maps names to addresses in the server’s “zone of authority”• Client queries server – Uses UDP port 53 for name queries and replies – Uses TCP port 53 for zone transfers
  163. 163. DNS Details• Client/server model• Client is configured with the IP address of a DNS server – Manually or DHCP can provide the address• DNS resolver software on the client machine sends a query to the DNS server. Client may ask for recursive lookup.
  164. 164. DNS Recursion• A DNS server may offer recursion, which allows the server to ask other servers – Each server is configured with the IP address of one or more root DNS servers.• When a DNS server receives a response from another server, it replies to the resolver client software. The server also caches the information for future requests. – The network administrator of the authoritative DNS server for a name defines the length of time that a non- authoritative server may cache information.
  165. 165. Summary• Use a systematic, structured, top-down approach to addressing and naming• Assign addresses in a hierarchical fashion• Distribute authority for addressing and naming where appropriate• IPv6 looms in our future
  166. 166. Review Questions• Why is it important to use a structured model for addressing and naming?• When is it appropriate to use IP private addressing versus public addressing?• When is it appropriate to use static versus dynamic addressing?• What are some approaches to upgrading to IPv6?
  167. 167. Top-Down Network Design Chapter Seven Selecting Switching and Routing Protocols
  168. 168. Switching and Routing Choices• Switching – Layer 2 transparent bridging (switching) – Multilayer switching – Spanning Tree Protocol enhancements – VLAN technologies• Routing – Static or dynamic – Distance-vector and link-state protocols – Interior and exterior – Etc.
  169. 169. Selection Criteria for Switching and Routing Protocols• Network traffic characteristics• Bandwidth, memory, and CPU usage• The number of peers supported• The capability to adapt to changes quickly• Support for authentication
  170. 170. Making Decisions• Goals must be established• Many options should be explored• The consequences of the decision should be investigated• Contingency plans should be made• A decision table can be used
  171. 171. Example Decision Table
  172. 172. Transparent Bridging (Switching) Tasks• Forward frames transparently• Learn which port to use for each MAC address• Flood frames when the destination unicast address hasn’t been learned yet• Filter frames from going out ports that don’t include the destination address• Flood broadcasts and multicasts
  173. 173. Switching Table on a Bridge or Switch MAC Address Port 08-00-07-06-41-B9 1 00-00-0C-60-7C-01 2 00-80-24-07-8C-02 3
  174. 174. Cisco Multilayer Switching• Route processor or router• Switching engine• The Multilayer Switching Protocol (MLSP)
  175. 175. Cisco Spanning Tree Protocol Enhancements• PortFast• UplinkFast and Backbone Fast• Unidirectional link detection• Loop Guard
  176. 176. Redundant Uplinks Core Layer X Distribution Layer Switch B Switch C Primary Secondary Uplink X Uplink Access Layer Switch A X = blocked by STP• If a link fails, how long will STP take to recover?• Use UplinkFast to speed convergence
  177. 177. Protocols for Transporting VLAN Information• Inter-Switch Link (ISL) – Tagging protocol – Cisco proprietary• IEEE 802.1Q – Tagging protocol – IEEE standard• VLAN Trunk Protocol (VTP) – VLAN management protocol
  178. 178. Selecting Routing Protocols• They all have the same general goal: – To share network reachability information among routers• They differ in many ways: – Interior versus exterior – Metrics supported – Dynamic versus static and default – Distance-vector versus link-sate – Classful versus classless – Scalability
  179. 179. Interior Versus Exterior Routing Protocols• Interior routing protocols are used within an autonomous system• Exterior routing protocols are used between autonomous systemsAutonomous system (two definitions that are often used):“A set of routers that presents a common routing policy to theinternetwork”“A network or set of networks that are under the administrative controlof a single entity”
  180. 180. Routing Protocol Metrics• Metric: the determining factor used by a routing algorithm to decide which route to a network is better than another• Examples of metrics: – Bandwidth - capacity – Delay - time – Load - amount of network traffic – Reliability - error rate – Hop count - number of routers that a packet must travel through before reaching the destination network – Cost - arbitrary value defined by the protocol or administrator
  181. 181. Routing Algorithms• Static routing – Calculated beforehand, offline• Default routing – “If I don’t recognize the destination, just send the packet to Router X”• Cisco’s On-Demand Routing – Routing for stub networks – Uses Cisco Discovery Protocol (CDP)• Dynamic routing protocol – Distance-vector algorithms – Link-state algorithms
  182. 182. Static Routing Example 172.16.20.1 172.16.20.2 172.16.40.1 172.16.40.2 Router A Router B Router C s0 s0 s0 s1 e0 e0 e0172.16.10.1 172.16.30.1 172.16.50.1 Host A Host B Host C 172.16.10.2 172.16.30.2 172.16.50.2 RouterA(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.2 Send packets for subnet 50 to 172.16.20.2 (Router B)
  183. 183. Default Routing Example 172.16.20.1 172.16.20.2 172.16.40.1 172.16.40.2 Router A Router B Router C s0 s0 s0 s1 e0 e0 e0172.16.10.1 172.16.30.1 172.16.50.1 Host A Host B Host C 172.16.10.2 172.16.30.2 172.16.50.2 RouterA(config)#ip route 0.0.0.0 0.0.0.0 172.16.20.2 If it’s not local, send it to 172.16.20.2 (Router B)
  184. 184. Distance-Vector Routing• Router maintains a routing table that lists known networks, direction (vector) to each network, and the distance to each network• Router periodically (every 30 seconds, for example) transmits the routing table via a broadcast packet that reaches all other routers on the local segments• Router updates the routing table, if necessary, based on received broadcasts
  185. 185. Distance-Vector Routing Tables Router A Router B 172.16.0.0 192.168.2.0 Router A’s Routing Table Router B’s Routing TableNetwork Distance Send Network Distance SendTo To172.16.0.0 0 192.168.2.0 0 Port 1 Port 1 172.16.0.0192.168.2.0 1 1
  186. 186. Link-State Routing• Routers send updates only when there’s a change• Router that detects change creates a link-state advertisement (LSA) and sends it to neighbors• Neighbors propagate the change to their neighbors• Routers update their topological database if necessary
  187. 187. Distance-Vector Vs. Link-State• Distance-vector algorithms keep a list of networks, with next hop and distance (metric) information• Link-state algorithms keep a database of routers and links between them – Link-state algorithms think of the internetwork as a graph instead of a list – When changes occur, link-state algorithms apply Dijkstra’s shortest-path algorithm to find the shortest path between any two nodes
  188. 188. Choosing Between Distance- Vector and Link-StateChoose Distance-Vector Choose Link-State• Simple, flat topology • Hierarchical topology• Hub-and-spoke topology • More senior network• Junior network administrators administrators• Convergence time not a big • Fast convergence is critical concern
  189. 189. Dynamic IP Routing ProtocolsDistance-Vector Link-State• Routing Information Protocol • Open Shortest Path First (RIP) Version 1 and 2 (OSPF)• Interior Gateway Routing • Intermediate System-to- Protocol (IGRP) Intermediate System (IS-IS)• Enhanced IGRP• Border Gateway Protocol (BGP)
  190. 190. Routing Information Protocol (RIP)• First standard routing protocol developed for TCP/IP environments – RIP Version 1 is documented in RFC 1058 (1988) – RIP Version 2 is documented in RFC 2453 (1998)• Easy to configure and troubleshoot• Broadcasts its routing table every 30 seconds; 25 routes per packet• Uses a single routing metric (hop count) to measure the distance to a destination network; max hop count is 15
  191. 191. RIP V2 Features• Includes the subnet mask with route updates – Supports prefix routing (classless routing, supernetting) – Supports variable-length subnet masking (VLSM)• Includes simple authentication to foil crackers sending routing updates
  192. 192. IGRP Solved Problems with RIP• 15-hop limitation in RIP – IGRP supports 255 hops• Reliance on just one metric (hop count) – IGRP uses bandwidth, delay, reliability, load – (By default just uses bandwidth and delay)• RIPs 30-second update timer – IGRP uses 90 seconds
  193. 193. EIGRP• Adjusts to changes in internetwork very quickly• Incremental updates contain only changes, not full routing table• Updates are delivered reliably• Router keeps track of neighbors’ routing tables and uses them as feasible successor• Same metric as IGRP, but more granularity (32 bits instead of 24 bits)
  194. 194. Open Shortest Path First (OSPF)• Open standard, defined in RFC 2328• Adjusts to changes quickly• Supports very large internetworks• Does not use a lot of bandwidth• Authenticates protocol exchanges to meet security goals
  195. 195. OSPF Metric• A single dimensionless value called cost. A network administrator assigns an OSPF cost to each router interface on the path to a network. The lower the cost, the more likely the interface is to be used to forward data traffic.• On a Cisco router, the cost of an interface defaults to 100,000,000 divided by the bandwidth for the interface. For example, a 100-Mbps Ethernet interface has a cost of 1.
  196. 196. OSPF Areas Connected via Area Border Routers (ABRs) Area 0 (Backbone) ABR ABR ABR Area 1 Area 2 Area 3
  197. 197. IS-IS• Intermediate System-to-Intermediate System• Link-state routing protocol• Designed by the ISO for the OSI protocols• Integrated IS-IS handles IP also
  198. 198. Border Gateway Protocol (BGP)• Allows routers in different autonomous systems to exchange routing information – Exterior routing protocol – Used on the Internet among large ISPs and major companies• Supports route aggregation• Main metric is the length of the list of autonomous system numbers, but BGP also supports routing based on policies
  199. 199. Summary• The selection of switching and routing protocols should be based on an analysis of – Goals – Scalability and performance characteristics of the protocols• Transparent bridging is used on modern switches – But other choices involve enhancements to STP and protocols for transporting VLAN information• There are many types of routing protocols and many choices within each type
  200. 200. Review Questions• What are some options for enhancing the Spanning Tree Protocol?• What factors will help you decide whether distance-vector or link-state routing is best for your design customer?• What factors will help you select a specific routing protocol?• Why do static and default routing still play a role in many modern network designs?
  201. 201. Top-Down Network Design Chapter Eight Developing Network Security Strategies
  202. 202. Network Security Design The 12 Step Program1. Identify network assets2. Analyze security risks3. Analyze security requirements and tradeoffs4. Develop a security plan5. Define a security policy6. Develop procedures for applying security policies
  203. 203. The 12 Step Program (continued)7. Develop a technical implementation strategy8. Achieve buy-in from users, managers, and technical staff9. Train users, managers, and technical staff10. Implement the technical strategy and security procedures11. Test the security and update it if any problems are found12. Maintain security
  204. 204. Network Assets• Hardware• Software• Applications• Data• Intellectual property• Trade secrets• Company’s reputation
  205. 205. Security Risks• Hacked network devices – Data can be intercepted, analyzed, altered, or deleted – User passwords can be compromised – Device configurations can be changed• Reconnaissance attacks• Denial-of-service attacks
  206. 206. Security Tradeoffs• Tradeoffs must be made between security goals and other goals: – Affordability – Usability – Performance – Availability – Manageability
  207. 207. A Security Plan • High-level document that proposes what an organization is going to do to meet security requirements • Specifies time, people, and other resources that will be required to develop a security policy and achieve implementation of the policy
  208. 208. A Security Policy• Per RFC 2196, “The Site Security Handbook,” a security policy is a – “Formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.”• The policy should address – Access, accountability, authentication, privacy, and computer technology purchasing guidelines
  209. 209. Security Mechanisms• Physical security• Authentication• Authorization• Accounting (Auditing)• Data encryption• Packet filters• Firewalls• Intrusion Detection Systems (IDSs)
  210. 210. Modularizing Security Design• Security defense in depth – Network security should be multilayered with many different techniques used to protect the network• Belt-and-suspenders approach – Don’t get caught with your pants down
  211. 211. Modularizing Security Design• Secure all components of a modular design: – Internet connections – Public servers and e-commerce servers – Remote access networks and VPNs – Network services and network management – Server farms – User services – Wireless networks
  212. 212. Cisco’s Enterprise Composite Network Model Enterprise Campus Service Enterprise Edge Building Provider Campus Infrastructure Edge Access E-Commerce ISP A Network BuildingManagement Distribution Edge Internet ISP B Distribution Connectivity Campus PSTN Backbone VPN/ Remote Frame Access Relay, ATM WAN Server Farm
  213. 213. Cisco SAFE• Cisco SAFE Blueprint addresses security in every module of a modular network architecture.
  214. 214. Securing Internet Connections• Physical security• Firewalls and packet filters• Audit logs, authentication, authorization• Well-defined exit and entry points• Routing protocols that support authentication
  215. 215. Securing Public Servers• Place servers in a DMZ that is protected via firewalls• Run a firewall on the server itself• Enable DoS protection – Limit the number of connections per timeframe• Use reliable operating systems with the latest security patches• Maintain modularity – Front-end Web server doesn’t also run other services
  216. 216. Security Topologies DMZEnterprise Internet Network Web, File, DNS, Mail Servers
  217. 217. Security Topologies Internet Firewall DMZ Enterprise NetworkWeb, File, DNS, Mail Servers
  218. 218. Securing Remote-Access and Virtual Private Networks• Physical security• Firewalls• Authentication, authorization, and auditing• Encryption• One-time passwords• Security protocols – CHAP – RADIUS – IPSec
  219. 219. Securing Network Services• Treat each network device (routers, switches, and so on) as a high-value host and harden it against possible intrusions• Require login IDs and passwords for accessing devices – Require extra authorization for risky configuration commands• Use SSH rather than Telnet• Change the welcome banner to be less welcoming
  220. 220. Securing Server Farms• Deploy network and host IDSs to monitor server subnets and individual servers• Configure filters that limit connectivity from the server in case the server is compromised• Fix known security bugs in server operating systems• Require authentication and authorization for server access and management• Limit root password to a few people• Avoid guest accounts
  221. 221. Securing User Services• Specify which applications are allowed to run on networked PCs in the security policy• Require personal firewalls and antivirus software on networked PCs – Implement written procedures that specify how the software is installed and kept current• Encourage users to log out when leaving their desks• Consider using 802.1X port-based security on switches
  222. 222. Securing Wireless Networks• Place wireless LANs (WLANs) in their own subnet or VLAN – Simplifies addressing and makes it easier to configure packet filters• Require all wireless (and wired) laptops to run personal firewall and antivirus software• Disable beacons that broadcast the SSID, and require MAC address authentication – Except in cases where the WLAN is used by visitors
  223. 223. WLAN Security Options• Wired Equivalent Privacy (WEP)• IEEE 802.11i• Wi-Fi Protected Access (WPA)• IEEE 802.1X Extensible Authentication Protocol (EAP) – Lightweight EAP or LEAP (Cisco) – Protected EAP (PEAP)• Virtual Private Networks (VPNs)• Any other acronyms we can think of? :-)
  224. 224. Wired Equivalent Privacy (WEP)• Defined by IEEE 802.11• Users must possess the appropriate WEP key that is also configured on the access point – 64 or 128-bit key (or passphrase)• WEP encrypts the data using the RC4 stream cipher method• Infamous for being crackable
  225. 225. WEP Alternatives• Vendor enhancements to WEP• Temporal Key Integrity Protocol (TKIP) – Every frame has a new and unique WEP key• Advanced Encryption Standard (AES)• IEEE 802.11i• Wi-Fi Protected Access (WPA) from the Wi-Fi Alliance – Realistic parts of IEEE 802.11i now!
  226. 226. Extensible Authentication Protocol (EAP)• With 802.1X and EAP, devices take on one of three roles: – The supplicant resides on the wireless LAN client – The authenticator resides on the access point – An authentication server resides on a RADIUS server
  227. 227. EAP (Continued)• An EAP supplicant on the client obtains credentials from the user, which could be a user ID and password• The credentials are passed by the authenticator to the server and a session key is developed• Periodically the client must reauthenticate to maintain network connectivity• Reauthentication generates a new, dynamic WEP key
  228. 228. Cisco’s Lightweight EAP (LEAP)• Standard EAP plus mutual authentication – The user and the access point must authenticate• Used on Cisco and other vendors’ products
  229. 229. Other EAPs• EAP-Transport Layer Security (EAP-TLS) was developed by Microsoft – Requires certificates for clients and servers.• Protected EAP (PEAP) is supported by Cisco, Microsoft, and RSA Security – Uses a certificate for the client to authenticate the RADIUS server – The server uses a username and password to authenticate the client• EAP-MD5 has no key management features or dynamic key generation – Uses challenge text like basic WEP authentication – Authentication is handled by RADIUS server
  230. 230. VPN Software on Wireless Clients• Safest way to do wireless networking for corporations• Wireless client requires VPN software• Connects to VPN concentrator at HQ• Creates a tunnel for sending all traffic• VPN security provides: – User authentication – Strong encryption of data – Data integrity
  231. 231. Summary• Use a top-down approach – Chapter 2 talks about identifying assets and risks and developing security requirements – Chapter 5 talks about logical design for security (secure topologies) – Chapter 8 talks about the security plan, policy, and procedures – Chapter 8 also covers security mechanisms and selecting the right mechanisms for the different components of a modular network design
  232. 232. Review Questions• How does a security plan differ from a security policy?• Why is it important to achieve buy-in from users, managers, and technical staff for the security policy?• What are some methods for keeping hackers from viewing and changing router and switch configuration information?• How can a network manager secure a wireless network?
  233. 233. Top-Down Network Design Chapter Nine Developing Network Management Strategies
  234. 234. Network Management• Helps an organization achieve availability, performance, and security goals• Helps an organization measure how well design goals are being met and adjust network parameters if they are not being met• Facilitates scalability – Helps an organization analyze current network behavior, apply upgrades appropriately, and troubleshoot any problems with upgrades
  235. 235. Network Management Design• Consider scalability, traffic patterns, data formats, cost/benefit tradeoffs• Determine which resources should be monitored• Determine metrics for measuring performance• Determine which and how much data to collect
  236. 236. Proactive Network Management• Plan to check the health of the network during normal operation, not just when there are problems• Recognize potential problems as they develop• Optimize performance• Plan upgrades appropriately
  237. 237. Network Management Processes According to the ISO• Performance management• Fault management• Configuration management• Security management• Accounting management
  238. 238. Performance Management• Monitor end-to-end performance• Also monitor component performance (individual links and devices)• Test reachability• Measure response times• Measure traffic flow and volume• Record route changes
  239. 239. Fault Management• Detect, isolate, diagnose, and correct problems• Report status to end users and managers• Track trends related to problems
  240. 240. Configuration Management• Keep track of network devices and their configurations• Maintain an inventory of network assets• Log versions of operating systems and applications
  241. 241. Security Management• Maintain and distribute user names and passwords• Generate, distribute, and store encryption keys• Analyze router, switch, and server configurations for compliance with security policies and procedures• Collect, store, and examine security audit logs
  242. 242. Accounting Management• Keep track of network usage by departments or individuals• Facilitate usage-based billing• Find abusers who use more resources than they should
  243. 243. Network Management Components• A managed device is a network node that collects and stores management information• An agent is network-management software that resides in a managed device• A network-management system (NMS) runs applications to display management data, monitor and control managed devices, and communicate with agents
  244. 244. Network Management Architecture NMS Agent Agent Agent Management Management Management Database Database Database Managed Devices
  245. 245. Architecture Concerns• In-band versus out-of-band monitoring – In-band is easier to develop, but results in management data being impacted by network problems• Centralized versus distributed monitoring – Centralized management is simpler to develop and maintain, but may require huge amounts of information to travel back to a centralized network operations center (NOC)
  246. 246. Simple Network Management Protocol (SNMP)• Most popular network management protocol• SNMPv3 should gradually supplant versions 1 and 2 because it offers better authentication• SNMP works with Management Information Bases (MIBs)
  247. 247. Remote Monitoring (RMON)• Developed by the IETF in the early 1990s to address shortcomings in standard MIBs – Provides information on data link and physical layer parameters – Nine groups of data for Ethernet – The statistics group tracks packets, octets, packet-size distribution, broadcasts, collisions, dropped packets, fragments, CRC and alignment errors, jabbers, and undersized and oversized packets
  248. 248. Cisco Tools• Cisco Discovery Protocol• NetFlow Accounting• Service Assurance Agent (SAA)
  249. 249. Summary• Determine which resources to monitor, which data about these resources to collect, and how to interpret that data• Develop processes that address performance, fault, configuration, security, and accounting management• Develop a network management architecture• Select management protocols and tools
  250. 250. Review Questions• Why is network management design important?• Define the five types of network management processes according to the ISO.• What are some advantages and disadvantages of using in-band network management versus out-of-band network management?• What are some advantages and disadvantages of using centralized network management versus distributed network management?
  251. 251. Top-Down Network Design Chapter TenSelecting Technologies and Devices for Campus Networks
  252. 252. Selecting Technologies and Devices• We now know what the network will look like• We also know what capabilities the network will need• We are now ready to start picking out technologies and devices• Chapter 10 has guidelines for campus networks
  253. 253. Campus Network Design Steps• Develop a cabling plant design• Select the types of cabling• Select the data-link-layer technologies• Select internetworking devices – Meet with vendors
  254. 254. Cabling Plant Design Considerations• Campus and building cabling topologies• The types and lengths of cables between buildings• Within buildings – The location of telecommunications closets and cross- connect rooms – The types and lengths of cables for vertical cabling between floors – The types and lengths of cables for horizontal cabling within floors – The types and lengths of cables for work-area cabling going from telecommunications closets to workstations
  255. 255. Centralized Versus Distributed Cabling Topologies• A centralized cabling scheme terminates most or all of the cable runs in one area of the design environment. A star topology is an example of a centralized system.• A distributed cabling scheme terminates cable runs throughout the design environment. Ring, bus, and tree topologies are examples of distributed systems.
  256. 256. Centralized Campus Cabling Building B Building C Building DCable BundleBuilding A
  257. 257. Distributed Campus Cabling Building B Building C Building DBuilding A
  258. 258. Types of Media Used in Campus Networks• Copper media• Optical media• Wireless media
  259. 259. Copper Media Advantages• Conducts electric current well• Does not rust• Can be drawn into thin wires• Easy to shape• Hard to break
  260. 260. Copper MediaCoaxial Twisted-PairShielded Twisted-Pair (STP) Unshielded Twisted-Pair (UTP)
  261. 261. Coaxial Cable• Solid copper conductor, surrounded by: – Flexible plastic insulation – Braided copper shielding – Outer jacket• Can be run without as many boosts from repeaters, for longer distances between network nodes, than either STP or UTP cable – Nonetheless, it’s no longer widely used
  262. 262. Twisted-Pair Cabling• A “twisted pair” consists of two copper conductors twisted together• Each conductor has plastic insulation• Shielded Twisted Pair (STP) – Has metal foil or braided-mesh covering that encases each pair• Unshielded Twisted Pair (UTP) – No metal foil or braided-mesh covering around pairs, so it’s less expensive
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×